<?php

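session_start();


include 'connexion.php';


// Login handler: runs only when the login form (submit button "submitcon") was posted.
// On success it stores the user's name, id and access level in the session and
// redirects; on failure it sets $erreur and marks the session as not logged in.
if (isset($_POST["submitcon"])) {
    // Credentials must be plain strings. An array-valued field (e.g. mail[]=x)
    // is treated as an empty credential and fails the checks below.
    $mail = (isset($_POST["mail"]) && is_string($_POST["mail"])) ? $_POST["mail"] : '';
    $motDePasseSaisi = (isset($_POST["mdp"]) && is_string($_POST["mdp"])) ? $_POST["mdp"] : '';

    // Re-hash the submitted password the same way the stored value is compared.
    // NOTE(review): SHA-1 with a fixed 'gz' prefix is a fast, unsalted-per-user
    // hash and is unsuitable for password storage. Migrating to password_hash()
    // / password_verify() requires re-hashing the stored values, so it is only
    // flagged here, not changed.
    $mdp = sha1('gz' . $motDePasseSaisi);

    // One parameterized query replaces five string-built ones: the e-mail is
    // user input and must never be interpolated into the SQL text.
    $stmt = mysqli_prepare($db, "SELECT id, nom, mail, mdp, statut FROM user WHERE mail = ?");
    if ($stmt === false) {
        // Details go to the server log only; the client gets a generic message
        // instead of the SQL text and the database error.
        error_log('Login query prepare failed: ' . mysqli_error($db));
        die('Erreur SQL !');
    }

    mysqli_stmt_bind_param($stmt, 's', $mail);
    if (!mysqli_stmt_execute($stmt)) {
        error_log('Login query execute failed: ' . mysqli_stmt_error($stmt));
        die('Erreur SQL !');
    }

    mysqli_stmt_bind_result($stmt, $id_user, $nom, $login, $pass, $statut);
    $ligneTrouvee = mysqli_stmt_fetch($stmt); // true = row, null = no row, false = error
    if ($ligneTrouvee === false) {
        error_log('Login query fetch failed: ' . mysqli_stmt_error($stmt));
        die('Erreur SQL !');
    }
    mysqli_stmt_close($stmt);

    // The account must exist, the stored e-mail must match the submitted one
    // exactly, and the hashes must match. hash_equals() compares in constant
    // time and avoids the loose "!=" comparison, under which two different
    // numeric-looking hex digests (e.g. "0e123..." forms) compare as equal.
    $identifiantsValides = $ligneTrouvee === true
        && $login === $mail
        && is_string($pass)
        && hash_equals($pass, $mdp);

    if (!$identifiantsValides) {
        // Same message for unknown e-mail and wrong password, so the response
        // does not reveal which accounts exist.
        $erreur = "Le mail et/ou le mot de passe est incorect";
        $_SESSION["log"] = 0;
    } elseif ($statut == 1 || $statut == 2) {
        // Only statut 1 and 2 are allowed to log in; any other statut falls
        // through without touching the session, as before.

        // Issue a fresh session id at the privilege change so an id that was
        // known before authentication cannot be reused afterwards.
        session_regenerate_id(true);

        $_SESSION['nom'] = $nom;
        // Cast keeps the session value a string, as the non-prepared query returned it.
        $_SESSION['id_user'] = (string) $id_user;
        $_SESSION["log"] = (int) $statut;

        // NOTE(review): $_SESSION['url'] is written elsewhere; confirm it can
        // only hold a local path, otherwise this is an open redirect.
        if (!empty($_SESSION['url'])) {
            header('Location: ' . $_SESSION['url']);
        } else {
            header('Location: index.php');
        }
        // Stop here so the rest of the page is not rendered after the redirect.
        exit;
    }
}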

?>

<html>

	<head>
          <link rel="stylesheet" type="text/css" href="style.css"/>
      <meta charset="UTF-8" />
      <meta name="description" content="Free Bed ou comment trouver un endroit pour dormir en 2 clics."/>
      <title>Free Bed</title>
    </head>

	<body>

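		<?php /* Show the error popup (and leave for deconnection.php) only when $erreur holds a message.
		         Without this guard the script ran on every page load, printing an undefined variable
		         into the JavaScript and redirecting away before the form could be used.
		         json_encode() emits a correctly quoted JavaScript string literal; the JSON_HEX_* flags
		         keep quotes, ampersands and angle brackets from ending the string or the script element. */ ?>
		<?php if (!empty($erreur)): ?>
		<script type="text/javascript">

			alert(<?php echo json_encode($erreur, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>);
			document.location.href = 'deconnection.php';

		</script>
		<?php endif; ?>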
		<div id="conteneur">
            <div id="header">
                <?php include_once("header.php"); ?>
        	</div><br/>
            <div id="contenu">
				<div id="connexion">
					<form method="post">
						<table id="connexiontable">
							<tr>
								<td><input type="text" name="mail" placeholder="Votre Mail"/></td>
							</tr>
							<tr>
								<td><input type="password" name="mdp" placeholder="Mot de passe"/></td>
							</tr>
							<tr>
								<td><input type="submit" name="submitcon" value="Valider"/></td>
							</tr>
						</table>
					</form>
				</div>
			</div>
			<div id="footer">
                <?php include_once("footer.html"); ?>

            </div>
		</div>
	</body>
</html>